AWS CloudFormation – Templates, stacks and change sets

In a serie of blog articles I’ll take a closer look at AWS CloudFormation.

What is AWS CloudFormation?

AWS CloudFormation provides a common language to describe and provision the infrastructure resources in your cloud environment. CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all resources needed for your applications across all regions and accounts. Therefore this file serves as the single source of truth for your cloud environment.

The key concepts in CloudFormation are templates, stacks and change sets. I’ll cover this in the next section.

CloudFormation Templates

A template is a description of the desired end state of the infrastructure. It can be written in JSON or YAML and contains several sections. The only required section is Resources. That’s where you put the resources you’re going to use. The following example in YAML consists of two resources (EC2 instance and an elastic IP). It creates a t2.micro EC2 instance with a keypair (testkey) and an additional EBS volume. The image-id refers to the AMI that you need. This is region specific. Finally the elastic IP is assigned to the EC2 instance.

AWSTemplateFormatVersion: "2010-09-09"
Description: A sample template
    Type: "AWS::EC2::Instance"
      ImageId: "ami-0ff8a91507f77f867"
      InstanceType: t2.micro
      KeyName: testkey
          DeviceName: /dev/sdm
            VolumeType: io1
            Iops: 200
            DeleteOnTermination: false
            VolumeSize: 20
    Type: AWS::EC2::EIP
      InstanceId: !Ref MyEC2Instance

The EIP is attached to the instanceId via Ref. You can use this builtin function to refer to the logical name of another resource in your template. The value that Ref returns depends on the resource type. In general is returns the name of the resource, but that’s not always the case. Here you’ll find a table that lists the values returned by common resource types.

CloudFormation Stack

In AWS you manage the related resources in a single unit. This is called a stack. A template describes the resources and when CloudFormation executes the template, it creates a stack. You create, update or delete collection of resources by creating, updating and deleting stacks. To prevent unexpected interruptions to the resources in the stack, you can use ChangeSets to review the changes in the template before executing it.

CloudFormation ChangeSet

A ChangeSet will allow you to see how the changes will impact your running resources. Rather then updating the resource, CloudFormation may delete and recreate the resource.  This depends on the nature of the change. Renaming a RDS database instance for example will recreate an instance. This definitely will cause downtime to your RDS instance.

So prior performing updating on the stack, CloudFormation can create a ChangeSet that provides visibility to the actually changes that would be taken.

Basic work flow of CloudFormation

When you create a stack, AWS CloudFormation makes underlying service calls to AWS to provision and configure your resources. Note, that AWS CloudFormation will only perform actions you are permitted to. For example, to create EC2 instances by using AWS CloudFormation, you need permission to create instances. Likewise, you need similar permission to terminate instances when you delete stacks with instances. To manage permissions, use AWS Identity and Access Management (IAM).

You declare the calls that AWS CloudFormation makes in your template. Suppose for example, you have a template that describes an EC2 instance with a t1.micro instance type. When you use that template to create a stack, AWS CloudFormation calls the Amazon EC2 create instance API and specifies the instance type as t1.micro. The following diagram summarizes the AWS CloudFormation work flow for creating stacks.

Workflow AWS Cloudformation

If you specify a template stored locally, an S3 bucket is created by CloudFormation and will be used for each CloudFormation deployment after that. This is done for each region you’re working in. Before deploying it, CloudFormation will upload the template to the S3 bucket (in your account). It is also possible to create your own S3 bucket for your templates. In that case you need to specify the location of your S3 bucket before creating or updating your stack.

Next time more about designing templates for CloudFormation.

Vincent LamersVincent Lamers, Linux-consultant @ AT Computing

Actieve filters: Wis alle filters